As more smart technology is used in construction, contractors should be aware of the potential risks and how to mitigate them.
Smart technology use continues to make a significant impact across the construction industry.
During the past five years, the potential for digital technologies to improve productivity has been repeatedly highlighted by government officials and industry professionals alike.
There are a number of important considerations contractors need to take into account as smart tech data becomes more prevalent in the built environment.
What types of smart tech data are being used?
The technology revolution is under way, but how much further is there to go for the construction industry to become truly digital?
Mobile devices are transforming working life, so we can probably expect to see more clever apps that save time and labour.
For example, the results of site inspections can now be recorded ‘live’ on a phone or tablet and sent to the relevant parties in a matter of seconds. If a defect is spotted, the inspector can type the details into the app, upload a photo, and then share it with the relevant parties such as the contractor, subcontractors and the client. This process also creates an immediate record, thereby assisting with record collection and retention.
Taking a view beyond the site works, the occupancy phase of a building’s lifecycle is likely to see the most impact from digital technologies over the next decade. The best commercial buildings already include advanced information and control systems, helping them to learn, adapt and report performance to the owner or operator.
“Taking a view beyond the site works, the occupancy phase of a building’s lifecycle is likely to see the most impact from digital technologies over the next decade”
The emergence of app or cloud-based computing means a similar level of information and control will soon make economic sense for every building from your home to international airports. Digital technologies will monitor the building throughout its design life and support decisions during the end-of-life stage when the building is either remodelled or demolished.
The availability of good data on, for example, the components and materials in the building will make recycling and waste management much more predictable, with real benefits in terms of resource efficiency.
What are the associated risks?
As the industry continues to develop and roll out new smart technologies to achieve greater efficiencies, it’s important that privacy and cyber-security remain front of mind. The loss or theft of market-sensitive information or data, intellectual property or other confidential information can have significant consequences.
Damage arising directly from a breach of data obligations can result in regulatory actions. Where a breach has affected the supply or delivery chain, whether by data loss, unavailability of services or otherwise, a company could be facing claims.
Check your contracts in the supply or delivery chain, as these may already contain express clauses covering data security. Contract counterparties might also look to rely on general contractual obligations to use reasonable care and skill, seek to imply similar terms, or bring an action in negligence.
As well as the supply chain, third parties might be able to bring claims. In the UK, if an individuals’ personal data has been lost, it could potentially lead to claims by those individuals for compensation if it can be argued that they have suffered “damage” as a result of a breach of the Data Protection Act 1998 (DPA 1998).
How can contractors protect themselves?
Cyber breaches are usually complex and can be highly damaging to construction projects, so it is important to plan ahead to ensure your business is prepared for any eventuality.
It can be helpful to think of a cyber-attack on your business (ie your system has been hacked) in terms of a physical attack (ie someone has smashed a window and stolen your property). Many of the responses and subsequent investigations are similar, although arguably a cyber-attack can be more serious in terms of potential damage.
Creating an incident response team to take action during such crisis scenarios can be effective. The senior team should include representatives from experts across management, IT, HR and PR teams, while the internal investigation should be led by in-house or external lawyers who are experienced in managing investigations and able to advise on potential exposure and routes for recovery. The team may also need to include outside experts, such as specialist cyber-security firms or forensic IT experts and accountants.
“It’s important to develop a crisis management protocol by gathering information to understand what has happened, preserving evidence, and controlling the messaging to stakeholders”
The first 24 hours following a breach is vital. During this period, the priorities should be for the core team to shore up defences through software and or hardware fixes.
It’s crucial to isolate the point of attack (mobile, email or web) and protect the most valuable assets – trade secrets or other high-value IP and personal data, for example. Minimise the damage by getting systems up and running again or taken down temporarily to prevent further harm. If passwords have been compromised, alert those affected.
It’s important to develop a crisis management protocol by gathering information to understand what has happened, preserving evidence and controlling the messaging to stakeholders.
Consider any reporting obligations to regulators, supply and delivery chain, the market, insurers and law enforcement authorities. Many companies will prepare for crisis situations by creating annual simulations to ensure the senior team is ready to act on their feet under pressure.
Efficiently responding to cyber-security incidents demonstrates that a company’s compliance programme fulfils its regulatory, contractual and common law duties.
While data management and security is a very important consideration, there are huge commercial opportunities for contractors that successfully deploy smart tech data in the built environment.
In my view, the industry will continue implementing smarter technology and take advantage of the efficiencies that it can bring. However, steps must be taken to protect against cyber breaches.
Matthew Heywood is a partner in the construction practice at Osborne Clarke